PsSetCreateProcessNotifyRoutineEx STATUS_ACCESS_DENIED IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

PsSetCreateProcessNotifyRoutineEx 返回 STATUS_ACCESS_DENIED(0xC0000022L,即‭-1073741790‬)

須要設置pe文件的 DllCharacteristics 字段爲IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

PE結構以下：

 

 微軟文檔：https://technet.microsoft.com/zh-tw/sysinternals/ff559953(v=vs.110)

 

VS解決方案：

The documentation for PsSetCreateProcessNotifyRoutineEx states that the module containing the callback must have the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag set in the PE header. Not having that flag will cause the API to return STATUS_ACCESS_DENIED.

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY:

Code integrity checks are forced. If you set this flag and a section contains only uninitialized data, set the PointerToRawData member of IMAGE_SECTION_HEADER for that section to zero; otherwise, the image will fail to load because the digital signature cannot be verified.

Use the linker's /INTEGRITYCHECK switch to enable.